Blog

Wow, but sitting in Oxford University's Examination Halls is intimidating. I'm here for Professor Jonathan Zittrain's inaugural lecture, entitled Internet Governance and Regulation: The Future of the Internet - and How to Stop It.
The Lecture
Has a 'nerd-like joy' in what the technology offers. One pair of concepts that are evolving because of the internet is the public and the private.
Slide of people queuing to see the queen on her 80th. Clear who is public. In the internet, the private is the realm of privacy, which JZ is tired of, specially
1. Privacy as Defence, views the gov't as trying to defend our privacy against those who would intrude: e.g. firms whom we ask to come up with a privacy policy which no one reads. Do they matter? I think not.
Some legislative expansion - in CA, if you expose your customer data to others, you have to tell the public that their data has been compromised.
Privacy has meant wondering about how tech could lock things up. E.g. DRM ebooks which stop you printing, but also feeds back info on which pages you linger on.
Some backlash, e.g. against Sony BMG DRM rootkit debacle. Has commercial implications.
Top 3 Sony XCP-related CDs
3. The Invisible Invasion - The Coral
2. Suspicious Activity - The Bad Plus
1. Healthy in Paranoid Times - Our Lady Peace
This could lead to differential pricing, depending on people's attention. Or perhaps differential discounts.
If you use a loyalty card, then perhaps the price of a loaf of bread becomes indeterminate - the sticker price is never paid, you just get a different discount.
Or you could use this data for different level of service. Figure out who the good customers and bad customers are, and change the level of service.
2. Privacy as Strategy
What is at the core of privacy.
iPods. The market for iPod accessories is extraordinary. 32 million ipods, one every second. $1 billion for accessories, e.g. small dog that dances. Or the HMS Daring, a British warship with iPod docks and surround sound.
We have an identity with that object that transcends its function as an MP3 player. Taking that identity and vesting it in other things is an expansion of the private sphere.
YouTube.com allows people to submit videos and rate them. Makes 100m page views a month, but none of the content belongs to YouTube.
Or iTunes podcasts, e.g. Harry Potter podcasts. Or virtual worlds, 100m people a month play interactive computer games. People invest their identities into the world to the point where if a game is shut down, it's like a piece of your identity is lost.
Lots of examples where people invest some aspect of themselves, or create a new aspect of themselves.
E.g. SorryWorld.com, after the election of George W.Bush, spawned a book, and ApologiesAccepted, and SorryJustIsn'tGoodEnough, and WeHaveNothingToBeSorryFor.
What makes people do this? When we don't judge by a number of page views, but look at the way people relate, we are impressed. The way that these spheres expand, indicate:
3. Private is the New Public
Yochai Benkler pointed out the NASA clickworkers study - bitmap images of the moon that people drew circles round. Asked the people round the world to do this, and did it in a week.
OCR can take Tim Berners-Lee and turn it into The Timberners League... so can make OCR turn out better by turning it into a game where people shoot down the typos.
ShotSpotter, mics in a neighbourhood which picks up a gunshot, triangulates and calls the police, and augments with a neighbourhood watch online that allows people to keep an eye on things and call the police.
Central example of private positions cohering into a public whole is Wikipedia. Entries that we think most controversial are the ones that reflect the most care. Example, the Rachel Corrie page, which has a lot of controversy. Kinds of discussions over this entry that you could expect in an editorial office at Britannica. So you can see not just what the entry says, but also the discussion behind it, the logic in the decision. Wikipedia is a culture, an ethos, which helps the wiki to run.
Pledgebank, started by Tom Steinberg. Allows people to pledge to pick up litter from the banks of the Isis if only 20 other people do too. Hence was the Open Rights Group was formed, with the commitment to pay £5 per week, if 1000 people also did.
That's a new kind of public coming out of people feeling at home with these technologies.
4. Public vs. Government
Example, the Chinese internet police. Or in the States, people protesting about AT&T handing your data to the NSA.
Tor, the onion server that anonymises data via a route through lots of people's clients. Your choice of how you use the network affects how other people can - e.g. if you use Tor, you make it easier for other people to use Tor. Tor do not believe in anonymity at all costs, they have accountability methods to help them limit damage done by servers which misbehave.
Recently in China, Google has submitted to censorship. If you try to set up a blog in China, MS Spaces will censor your title.
Think about Google and other search engines. They offer no unique content, they just crawl other people's and rank it, by the rank the public assigns by linking to it. It taps into people's judgement.
We can tap into people's judgement. For example, if you wanted to create a filter gauge, where people can triangulate where the blockage in the net is - with your computer config; your firewall; the net; your government.
Need more study to have an understanding of the phenomenon of the internet which keeps pace with our ability to be the phenomenon.
5. Public vs. Public
The force of aggregating people who feel really empowered to move their private selves into public spaces, is so powerful that it can be used for things that may seem undesirable.
The number of security incidents on the net has increased dramatically. Spam on the rise, has been for a long time.
Rise of MAPS, a list of net addresses believed to be spammers. Made it available to Hotmail as a blacklist, so if one person didn't like you you couldn't email Hotmail.
How do think about net security? In other places it's done by the authorities, but not online.
How do you tell the p2p consciousness of the net to mind due process?
80% of students in the US have an entry in Facebook. People take photos and put them up and tag them. Won't be long before cameras upload to Flickr as soon as they are taken. With Riya, once one photo is tagged with a person's name, all of them are.
This is troubling.
The Christian Gallery took photos of women seeking abortions, so suddenly your identity is searchable online as soon as a photo is taken. Makes for a much more identifiable world than a more chaotic world.
Gawker Stalker. As soon as a star is spotted, its online so people can go see celebs.
There's a chance here now to enter a cafe and know if any friends are within 100 yards, any of my friends' friends? Graduates of Oxford? Can use reputation system to winnow large groups of strangers down. Cyworld -rating sexiness, fame, friendliness, karma, kindness.
That can end up in the real world. All this can be aggregated together. But it can throw up odd juxtapositions.
Then the logic moves towards systems that say 'this subversive read this, this subversive read that, that person read both so may be a subversive'.
How do we determine the validity of judgements of others about us when we can't see them?
IETF Principles, at the beginning of the internet
- anyone can join
- keep it simple
- keep it open
- tech meritocracy
- hum consensus (ask people to hum if they agree)
- people are reasonable
- people are nice
This is embedded in the fabric of the internet, e.g. the way ethernet works.
This is one institution that gives us a hint about having faith in people, even though people might let you down. Wikipedia is good at this too - when people do something horrible on Wikipedia, they get sent a nice not asking them to be constructive.
On the other hand:
ICANN
ITU
Worlds Summit on the information society
All the wrong way to think about Internet governance. Best thing about them is that they keep the busybodies in a room talking to each other.
The right questions for us to ask is:
What are the digital environments that inspire people to act humanely?
- town hall vs. mob; the smaller the group the better sometimes.
- apprenticeship; people come to understand the culture that they are looking to master from the people who are already there
- availability of exit; if you don't like it, you can leave
- having a stake in what you're doing; get people involved in something that matters. includes the freedom to do wrong. what makes Wikipedia work is that you have the opportunity to do wrong, and every time you go there and don't do it, you affirm something to yourself and to others.
Third set of institutions
- university.
People in lectures use their laptops poorly, playing cards, poker, etc. Not just the pupils, but also the staff, using things like 'SA Grader', a site that grades your essay. But this sort of automatic semantic analysis, you get the same grade if you just list the words alphabetical.
Try to protect the wrong things, e.g. trying to copyright lectures.
Why you saw Fathom.com, which is now an archive, but hasn't figured out that the future of the internet in this environment should be great. They should put the same kind of effort in as arranging a playlist. Should have lecture playlists - these are the books and readings i think are great, and this is the order you should read them in. Should know that if classes are studying the same thing, they should be connected. That's the functionality that the internet invites us to build.
What we ask students to do is write essays, turn them into one person who reads them. What if we asked them to put them on Wikipedia.
Innocentive.com, which puts a bounty on problems in chemistry.
It's a wonderful thing that libraries are scanning the works of dead people to make them available to the rest of us forever. Our next challenge is how to make sure that the works we produce anew are ones that stand on the shoulders of our technology in ways that weren't possible before the net.
The internet Archive, trying to make sure that everything on the web stays forever, for future historians.
Looking forward, we have a chance to build monuments to humanity. Not the pyramids, made as a monument to one person. Instead, what can we build together as a group where, yes, there will be inaccuracies but our role is to join the fray. Our role as academics is to invite people in.

Last month, Cory Doctorow passed over the reins of the London Copyfighers' Drunken Brunch and Talking Shop to ORG, and yesterday we had our first brunch in the new format - a picnic in Hyde Park, followed then by the traditional oration at Speakers' Corner.
Unfortunately for us, my prediction a month ago that we'd break the run of sunny Sundays we've had since Cory started this a year ago was entirely on the money. Some brave souls ventured forth despite the rain, though, and despite the crowd being small, we had some great talks and managed to steal away a good percentage of listeners from the usual crowd of ladder-toting fringe cases.
The photos are on Flickr.

ORG Advisory Council member Professor Jonathan Zittrain is giving his inaugural lecture at Oxford University tomorrow, 25 April, at 5pm at the Oxford University Examination Schools, High Street (building 22 on the map):

The lecture will propose a theory about what lies around the corner for the Internet, how to avoid it, and how to study and affect the future of the internet using the distributed power of the network itself, using privacy as a signal example.

Thanks very much to Denise Wilton, Chris Morrison and their collaborators both on and off the Haddock mailing list for designing the new ORG logo. If you want to have a stab at a new WordPress themes, or 'support ORG' buttons, then email me for a zip of all versions.

Unfortunately, we've been having some technical difficulties with the ORG servers over the last couple of weeks, resulting in the Discussion list going down. We are trying to get this fixed as soon as possible. Sorry about the outage!
UPDATE: Org lists back up again!
We've actually moved the ORG lists on to a new server, so the email address and sign-up/admin pages are subtly different now.
Email: org-discuss-at-lists.openrightsgroup.org -- please remember to change your address books, although the old email address will redirect automatically.
And sign-up/admin pages for the Discuss and Announce lists:
http://www.openrightsgroup.org/mailman/listinfo/org-discusshttp://www.openrightsgroup.org/mailman/listinfo/org-announce
Unfortunately, whilst we have migrated your subscriptions, we have not been able to migrate your digest settings, so if you were on digest, you'll have to pop back in and reset that. You will also find that your passwords will have changed, but you should have had a new one by email by now (except for the Announce list - you can get that from the admin interface if you need it).

Cory Doctorow, ORG Advisory Council member, famous novelist, copyright activist and one of the driving forces behind BoingBoing, has kindly donated a Razr mobile phone and a signed first edition of his novel Eastern Standard Tribe, to the Open Rights Group for us to auction. We have duly put both together as one lot on eBay, with a starting price of just

The Open Rights Group has now become a provisional member of European Digital Rights (EDRi), a coalition of 21 privacy and civil rights organisations from 14 different countries. Says the EDRi site:

Members of European Digital Rights have joined forces to defend civil rights in the information society. The need for cooperation among European organizations is increasing as more regulation regarding the internet, copyright and privacy is originating from the European Union.

Some examples of regulations and developments that have the attention of European Digital Rights are data retention requirements, spam, telecommunications interception, copyright and fair use restrictions, the cyber-crime treaty, rating, filtering and blocking of internet content and notice-and-takedown procedures of websites.

European Digital Rights takes an active interest in developments regarding these subjects in all 45 member states of the Council of Europe.

EDRi also publishes EDRigram, 'a bi-weekly newsletter about digital civil rights in Europe' (you can sign up on their home page).

EDRi is planning to have a General Assembly in Berlin early in September, when the current EDRi members will make their final decision on whether ORG can become a full member. We look forward to attending and to getting to know our European counterparts much better.

I think it's important too to keep an eye on what is happening not just across the water in the States, but also in Europe. Bad ideas, and bad legislation, has a habit of travelling, and the concept of geographically isolated policy is old and out of date. What happens in Ireland, or France, or Germany can happen here, and visa versa, so it's important that we become part of the wider digital rights communities.

I was yesterday at the Guardian's Changing Media conference, at which our very own Dr Ian Brown spoke on DRM. These are my notes, cross-posted from my own blog, Strange Attractor.
Can digital rights management achieve its security goals?
Chair: Nick Higham
Dr Ian Brown, UCL (and also ORG)
Nick Higham
ONe of the things that alarms content owners is what this new technology means for their copyright, their intellectual property, their security. Dr Ian Brown is a computer security researcher at UCL.
Ian Brown, UCL
I want to limit myself today to "will DRM do everything that they are sold as doing?". There are much wider issues to do with DRM, but I want to focus on this specific area.
DRM is an umbrella term for quite a wide range of technologies that give content owners some control over their content. Some control, not full control - you certainly can't expect to put your new Britney Spears CD out and not see it online within five minutes.
DRM is also not about copyright, because it goes further than copyright law. Copyright law also varies from area to area, for example there is no right to private copy in the UK, but yet people do it anyway. DRM goes further than trying to prevent this, but can control the way people access, print, and copy ebooks, for example.
DRM is present in Windows Media Player, Adobe e-books, RealPlayer, iTunes, etc.
French law which is saying that DRM has to be interoperable between platforms, e.g. can't put iTunes music on a third party media player.
The basic tech behind DRM is simple - you encrypt the data in a way that is impossible to unscramble directly, even people with the computing power of major western governments. You give the encryption keys to the user via the medium of the media player, e.g. your DVD player has decryption keys so that it can decrypt DVDs. This controls access to the data of the files.
The other type of tech is digital watermarking, which allows people to embed information in audio and video files in a way that is invisible to the user, and hard to remove. Can embed information that controls when the media can be used, e.g. can only be played on computer with xyz ID. Also allows the media owners to track who copies stuff.
DRM is actually very difficult to do. Making it work overall as a system in the way that content owners would like, is a very difficult problem. Some of the underlying reasons for that:
- data is encrypted, but has to be decrypted at some point so you can use it. So at some point your tech has to decrypt it and create an unprotected version of that content.
- watermarks can be removed. All of the watermarks that have been created are fairly primitive and have been a failure. People trying to break these technologies find it easy, and there are fundamental reasons why this is easy - if you distribute a file which is on the one hand the same - all Britney Spears CDs that are the same - but have individual bits that are different, can compare and find the watermark.
- DRM tries to reduce the functionality of your computer as regards specific streams of data, but old equipment doesn't have the DRM on it, so legacy computers are going to be more functional than new ones.
Previous DRM solutions:
- secure digital music initiative: was tested against world's hackers, and the hackers won. One research team in Princeton broke all of the proposed technologies. Most sensible companies would have rethought it, but instead STMI tried to sue the academics that had done this work, the conference organisers, etc. The researchers gave a press conference saying that they weren't going to publish the research because their houses are at risk. STMI said they had broken the DMCA. Researchers got support and published the research anyway.
- CD protection: several record labels have released CDs that play on your hifi but not your computer. Most of these techs are trivially circumvented - one you hold down the shift key as you put the CD in, or draw a black line round your CD. Would have been illegal to tell you this 2 years ago - now it's only illegal to tell you how to break software DRM.
- CSS: broken by a Norwegian teenager who was arrested under trespass law, so the courts threw it out.
- Sony BMG (XCP and MediaMax): big news over last few months. Sony BMG installed two DRM technologies, XCP from a UK company and used virus-like technology to embed itself deep in Windows. Very difficult to remove. After a lot of consumer protest, they released an uninstaller, which made things worse, and eventually they released something that did allow you to remove it. MediaMax installed even if you said no you didn't want to install it, and reported back to MediaMax what audio files you use. Sony have had to settle a number of class action cases already. The US govt's said don't install it. Lots of gov't computers infected, so the US gov't not impressed.
So DRM is crap. But supposedly it will improve soon. Intel, IBM, HP etc. want to put this stuff into hardware. Trusted Computing.
Thinking about all sort of problems of getting round. MS want it everywhere - your computer, phone, PDA, even your watch.
- The analog hole is a big problem: No way not to turn digital bits into an analogue version for human consumption. Lots of 'anti-piracy' ads in cinemas because they can't do anything about it.
- Break One Play Anywhere: Even if only one person in the world can break it, they'll share it and you really can't stop P2P. Napster originally weren't designed with lawsuits in mind, but now they are and they are very difficult to shut down. Lots of networking technology that will stop this.
Some business models that DRM could support:
- Live events: you don't care if it's shared the next day, it's live that counts.
- Highly select, time-sensitivie audiences, customised information provided to individual recipients, e.g. Oscar judges. Last year for the first time it was found that an Oscar screener was leaked, and the judge who leaked it was fined. Customised data that only needs protecting for a short time.
- Highly interactive systems, such as games. Even if someone breaks it, it doesn't matter, because they can't keep breaking it.
Very polarised debate.
Nick: So DRM is not workable?
Ian: Content companies have been mis-sold on this. Software companies have sold DRM as solving problems it can't solve. As people come to understand the technology they see that it's the business models that need to change.
Q: I agree that DRM is not unbreakable. But we don't need it to be unbreakable. Can DRM be useful? I would say yes.
Ian: Yes, I think your good point is moot, because no one has produced a system that prevents low-quality copies. But it's an anti-consumer technology. There aren't many consumers who have an understanding of UK copyright law.
Nick: Consumers are happy to buy low quality. It's not a disincentive.
Ian: Early Napster files were very low quality but they didn't put people off.
Q: An observations, it's a bit like the war against drugs. Entrenched position. What is stopping people exploring the possibility of radically new business models, and what might thos be?
Ian: The problem is that the big rights holders have expended a lot of energy in lobbying to get the law changed, global copyright law has changed, treaties have changed. They got the DMCA passed. The EUCD. US didn't need to pass those laws to fit the treaties, but the copyright holders lobbied for it.
There are alternatives, there are indie labels that use non-DRM materials, and the market should be able to decide.
Nick: But the trouble is that sometimes the market can't decide.
Ian: Well, that's
Q: Consumer associations have expressed concerns about the rights of the citizens. Do you think their concerns are misplaced?
Ian: No. It doesn't stop at deterring copyright infringers, it also makes life difficult for say, visually impaired people. RNIB gave evidence at APIG and said they have problems with ebooks.
Q (me): DRM lobbiests more into supporting vertical niche markets than protecting copyright.
Ian: Damaging to copyright law and public's respect for it, this 'newspeak' that goes on around DRM. Industry make blood-curdling pronouncements, conflating opening up standards with protecting copyright which is very damaging.
I believe in copyright, but I don't think DRM is the way to enforce it.
Q: What about revenue sharing?
Ian: I can't talk about it in detail, but it's a positive move. If you have legitimate P2P services, then yes, that might work.
This has always been the flip side to DRM - how do you make a business model not from scarce goods, but from abundance. Grateful Dead, for e.g., or U2 find their music is a loss-leader, and they make their money from merchandise.

Open Rights Group exists to preserve and promote your rights in the digital age. We are funded by thousands of people like you. We are based in London, United Kingdom. Open Rights is a non-profit company limited by Guarantee, registered in England
and Wales no. 05581537.